Chrome

Chrome Passes 25% Market Share, IE and Firefox Slip 234

Posted by timothy
from the none-of-them-are-perfect dept.
An anonymous reader writes: In April 2015, we saw the naming of Microsoft Edge, the release of Chrome 42, and the first full month of Firefox 37 availability. Now we're learning that Google's browser has finally passed the 25 percent market share mark. Hit the link for some probably unnecessarily fine-grained statistics on recent browser trends. Have your browser habits shifted recently? Which browsers do you use most often?
Security

Researcher Bypasses Google Password Alert For Second Time 34

Posted by timothy
from the if-you-watch-everything-you-lose-perspective dept.
Trailrunner7 writes with this excerpt: A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week.

The Password Alert extension is designed to warn users when they're about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain a serious threat to consumers despite more than a decade of research and warnings about the way the attacks work.

Just a day after Google released the extension, Paul Moore, a security consultant in the U.K., developed a method for bypassing the extension. The technique involved using Javascript to look on a given page for the warning screen that Password Alert shows users. The method Moore developed then simply blocks the screen, according to a report on Ars Technica. In an email, Moore said it took him about two minutes to develop that bypass, which Google fixed in short order.

However, Moore then began looking more closely at the code for the extension, and Chrome itself, and discovered another way to get around the extension. He said this one likely will be more difficult to repair.

"The second exploit will prove quite difficult (if not near impossible) to resolve, as it leverages a race condition in Chrome which I doubt any single extension can remedy. The extension works by detecting each key press and comparing it against a stored, hashed version. When you've entered the correct password, Password Alert throws a warning advising the user to change their password," Moore said.
Google

Google Announces "Password Alert" To Protect Against Phishing Attacks 71

Posted by samzenpus
from the protect-ya-neck dept.
HughPickens.com writes: Google has announced Password Alert, a free, open-source Chrome extension that protects your Google Accounts from phishing attacks. Once you've installed it, Password Alert will show a warning if you type your Google password into a site that isn't a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice. Once you've installed and initialized Password Alert, Chrome will remember a "scrambled" version of your Google Account password. It only remembers this information for security purposes and doesn't share it with anyone. If you type your password into a site that isn't a Google sign-in page, an alert will tell you that you're at risk of being phished so you can update your password and protect yourself.
Patents

Microsoft Increases Android Patent Licensing Reach 103

Posted by Soulskill
from the if-you-can't-beat-'em,-bleed-'em dept.
BrianFagioli writes: Microsoft may not be winning in the mobile arena, but they're still making tons of money from those who are. Patent licensing agreements net the company billions each year from device makers like Samsung, Foxconn, and ZTE. Now, Microsoft has added another company to that list: Qisda Corp. They make a number of Android and Chrome-based devices under the Qisda brand and the BenQ brand, and now Microsoft will be making money off those, too.
Security

Chrome 43 Should Help Batten Down HTTPS Sites 70

Posted by timothy
from the yes-yes-we-know dept.
River Tam writes The next version of Chrome, Chrome 43, promises to take out some of the work website owners — such as news publishers — would have to do if they were to enable HTTPS. The feature might be helpful for publishers migrating legacy HTTP web content to HTTPS when that old content can't or is difficult to be modified. The issue crops up when a new HTTPS page includes a resource, like an image, from an HTTP URL. That insecure resource will cause Chrome to flag an 'mixed-content warning' in the form of a yellow triangle over the padlock.
Google

Google To Propose QUIC As IETF Standard 84

Posted by timothy
from the ok-now-do-it-this-way dept.
As reported by TechCrunch, "Google says it plans to propose HTTP2-over-QUIC to the IETF as a new Internet standard in the future," having disclosed a few days ago that about half of the traffic from Chrome browsers is using QUIC already. From the article: The name "QUIC" stands for Quick UDP Internet Connection. UDP's (and QUIC's) counterpart in the protocol world is basically TCP (which in combination with the Internet Protocol (IP) makes up the core communication language of the Internet). UDP is significantly more lightweight than TCP, but in return, it features far fewer error correction services than TCP. ... That's why UDP is great for gaming services. For these services, you want low overhead to reduce latency and if the server didn't receive your latest mouse movement, there's no need to spend a second or two to fix that because the action has already moved on. You wouldn't want to use it to request a website, though, because you couldn't guarantee that all the data would make it. With QUIC, Google aims to combine some of the best features of UDP and TCP with modern security tools.
Chrome

Chrome 42 Launches With Push Notifications 199

Posted by Soulskill
from the douglas-adams-edition dept.
An anonymous reader writes: Google today launched Chrome 42 for Windows, Mac, and Linux with new developer tools. Chrome 42 offers two new APIs (Push API and Notifications API) that together allow sites to send notifications to their users even after the given page is closed. While this can be quite an intrusive feature for a browser, Google promises the users have to first grant explicit permission before they receive such a message.
Google

Google Is Too Slow At Clearing Junkware From the Chrome Extension Store 45

Posted by timothy
from the imperfect-world dept.
Mark Wilson writes Malware is something computer users — and even mobile and tablet owners — are now more aware of than ever. That said, many people do not give a second thought to installing a browser extension to add new features to their most frequently used application. Despite the increased awareness, malware is not something a lot of web users think of in relation to extensions; but they should.

Since the beginning of 2015 — just over three months — Google has already received over 100,000 complaints from Chrome users about 'ad injectors' hidden in extensions. Security researchers have also discovered that a popular extension — Webpage Screenshot — includes code that could be used to send browsing history back to a remote server. Google is taking steps to clean up the extension store to try to prevent things like this happening, but security still needs to be tightened up.
Android

Visual Studio 2015 Can Target Linux; Android Apps Anywhere Chrome Can Run 96

Posted by timothy
from the then-you-win-maybe dept.
jones_supa writes Phoronix has noticed that the Visual Studio 2015 product page mentions that the new IDE can target Linux out of the box. Specifically the page says "Build for iOS, Android, Windows devices, Windows Server or Linux". What this actually means is not completely certain at this point, but it certainly laces nicely with the company opening up the .NET Framework. And speaking of cross-platform software: new submitter mccrew writes Google has released a tool that lets Android apps run on any machine that can run its Chrome browser. Called Arc Welder, the tool acts as a wrapper around Android apps so they can run on Windows, OS X and Linux machines. The software expands the places that Android apps can run and might make it easier for developers to get code working on different machines.
China

Chinese Certificate Authority CNNIC Is Dropped From Google Products 176

Posted by timothy
from the reject-your-reality-and-substitute-our-own dept.
eldavojohn writes A couple weeks ago, Google contacted the CNNIC (China's CA) to alert them of a problem regarding the delegated power of issuing fraudulent certificates for domains (in fact this came to light after fraudulent certificates were issued for Google's domains). Following this, Google decided to remove the CNNIC Root and EV CA as trusted CAs in its Chrome browser and all Google products. Today, the CNNIC responded to Google: "1. The decision that Google has made is unacceptable and unintelligible to CNNIC, and meanwhile CNNIC sincerely urge that Google would take users' rights and interests into full consideration. 2. For the users that CNNIC has already issued the certificates to, we guarantee that your lawful rights and interests will not be affected." Mozilla is waiting to formulate a plan.
Google

Google Unveils the Chromebit: an HDMI Chromebook Dongle 50

Posted by Soulskill
from the still-waiting-on-hardware-called-chromedome dept.
An anonymous reader writes: Today Google unveiled a new device: the Chromebit. It's a small compute stick that contains the Rockchip 3288 processor, 2GB RAM, and 16GB of storage — much like a low-end Chromebook. It connects to a TV or monitor through an HDMI port. (It also has a USB port for power and plugging in peripherals.) Google says the Chromebit is their solution for turning any display into a computer, and it will cost under $100. Google also announced a couple of new Chromebooks as well. Haier and Hisense models will cost $150, and an ASUS model with a rotating display will cost $250.
Education

No Film At 11: the Case For the Less-Video-Is-More MOOC 87

Posted by Soulskill
from the better-learning-through-animated-GIFs dept.
theodp writes: In Why My MOOC is Not Built on Video, GWU's Lorena Barba explains why the Practical Numerical Methods with Python course she and colleagues put together has but one video: "Why didn't we have more video? The short answer is budget and time: making good-quality videos is expensive & making simple yet effective educational videos is time consuming, if not necessarily costly. #NumericalMOOC was created on-the-fly, with little budget. But here's my point: expensive, high-production-value videos are not necessary to achieve a quality learning experience." When the cost of producing an MOOC can exceed $100,000 per course, Barba suggests educators pay heed to Donald Bligh's 1971 observation that "dazzling presentations do not necessarily result in learning." So what would Barba do? "We designed the central learning experience [of #NumericalMOOC] around a set of IPython Notebooks," she explains, "and meaningful yet achievable mini-projects for students. I guarantee learning results to any student that fully engages with these!"
Chrome

Chrome OS Receives Extreme Makeover With Material Design and Google Now 112

Posted by samzenpus
from the latest-and-greatest dept.
MojoKid writes Late last week, Google quietly began inviting people to opt into the beta channel for ChromeOS to help the company "shape the future" of the OS. Some betas can be riskier than others, but Google says that opting into this one is just a "little risk", one that will pay off handsomely for those who crave new features. New in this version is Chrome Launcher 2.0, which gives you quick access to a number of common features, including the apps you use most often (examples are Hangouts, Calculator, and Files). Some apps have also received a fresh coat of paint, such as the file manager. Google notes that this is just the start, so there will be more updates rolling out to the beta OS as time goes on. Other key features available in this beta include the ability to extract pass protected Zip archives, as well as a perk for travelers. ChromeOS will now automatically detect your new timezone, and then update the time and date accordingly.
Classic Games (Games)

SuperMario 64 Coming To a Browser Near You! 97

Posted by samzenpus
from the play-time dept.
Billly Gates writes Since Unity has been given a liberal license and free for non commercial developers it has become popular. A computer science student Erik Roystan Ross used the tool to remake SuperMario 64 with a modern Unity 5 engine. There is a video here and if you want to play the link is here. You will need Firefox or Chrome which has HTML 5 for gamepad support if you do not want to use the keyboard. "I currently do not have any plans to develop this any further or to resolve any bugs, unless they're horrendously game-breaking and horrendously simple to fix," says Ross.
Internet Explorer

New Screenshots Detail Spartan Web Browser For Windows 10 Smartphones 62

Posted by timothy
from the evolution-continues dept.
MojoKid writes One of the most anticipated new features in Windows 10 is the Spartan web browser, which will replace the long-serving Internet Explorer. We've seen Spartan in action on the desktop/notebook front, but we're now getting a closer look at Spartan in action on the mobile side thanks to some newly leaked screenshots. Perhaps the biggest change with Spartan is the repositioning of the address bar from the bottom of the screen to the top (which is also in line with other mobile browsers like Safari and Chrome). The refresh button has also been moved from its right-hand position within the address bar to a new location to the left of the address bar. Reading Lists also make an appearance in this latest build of Spartan along with Microsoft's implementation of "Hubs" on Windows 10 for mobile devices.
Google

Google Quietly Launches Data Saver Extension For Chrome 39

Posted by timothy
from the keeping-track-of-things dept.
An anonymous reader writes Google has quietly released a Data Saver extension for Chrome, bringing the company's data compression feature to the desktop for the first time. You can download the extension, currently in beta, from the Chrome Web Store. We say "quietly" because there doesn't seem to be an announcement from Google. The extension was published on March 23 and appears to work exactly as advertised on the tin, based on what we've seen in our early tests.
Security

Chinese CA Issues Certificates To Impersonate Google 139

Posted by Soulskill
from the doing-trust-wrong dept.
Trailrunner7 writes: Google security engineers, investigating fraudulent certificates issued for several of the company's domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for virtually any domain. Google's engineers were able to block the fraudulent certificates in the company's Chrome browser by pushing an update to the CRLset, which tracks revoked certificates. The company also alerted other browser vendors to the problem, which was discovered on March 20. Google contacted officials at CNNIC, the Chinese registrar who authorized the intermediate CA, and the officials said that they were working with MCS to issue certificates for domains that it registered. But, instead of simply doing that, and storing the private key for the registrar in a hardware security module, MCS put the key in a proxy device designed to intercept secure traffic.
Bug

OS X Users: 13 Characters of Assyrian Can Crash Your Chrome Tab 119

Posted by timothy
from the cat-like-typing-detected dept.
abhishekmdb writes No browsers are safe, as proved yesterday at Pwn2Own, but crashing one of them with just one line of special code is slightly different. A developer has discovered a hack in Google Chrome which can crash the Chrome tab on a Mac PC. The code is a 13-character special string which appears to be written in Assyrian script. Matt C has reported the bug to Google, who have marked the report as duplicate. This means that Google are aware of the problem and are reportedly working on it.
Chrome

Every Browser Hacked At Pwn2own 2015, HP Pays Out $557,500 In Awards 237

Posted by Soulskill
from the another-four-bite-the-dust dept.
darthcamaro writes: Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. The sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers $557,500. Is it reasonable to expect browser makers to hold their own in an arms race against exploits? "Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc manager of vulnerability research for HP Security Research said.
Firefox

Analysis: People Who Use Firefox Or Chrome Make Better Employees 127

Posted by Soulskill
from the also-handsomer-and-better-at-darts dept.
HughPickens.com writes: In the world of Big Data, everything means something. Now Joe Pinsker reports that Cornerstone OnDemand, a company that sells software that helps employers recruit and retain workers, has found after analyzing data on about 50,000 people who took its 45-minute online job assessment, that people who took the test on a non-default browser, such as Firefox or Chrome, ended up staying at their jobs about 15 percent longer than those who stuck with Safari or Internet Explorer. They also tended to perform better on the job as well. Chief Analytics Officer Michael Housman offered an explanation for the results in an interview with Freakonomics Radio: "I think that the fact that you took the time to install Firefox on your computer shows us something about you. It shows that you're someone who is an informed consumer," says Housman. "You've made an active choice to do something that wasn't default." But why would a company care about something as seemingly trivial as the browser a candidate chooses to use? "Call centers are estimated to suffer from a turnover rate of about 45 percent annually (PDF), and it can cost thousands of dollars to hire new employees," says Pinsker. "Because of that, companies are eager to find any proxy for talent and dedication that they can."